<?php
# 文件名称:security_helper.php
defined( '_SYS' ) or die( 'No direct script access allowed' );
if ( ! function_exists('getToken'))
{
	function getToken($forceNew = false)
	{
		$SYS = &get_instance();
		$me		= &$SYS->session->get('admin_name');
		if(!$me) return false;
		$session = &$SYS->session;
		$conf = &$SYS->config;
		$seed = $me->get( 'id', 0 ).$session->getToken($forceNew);
		$hash = md5( $conf->item('secretword') .  $seed  );
		return $hash;
	}
}
/**
 * Strip Image Tags
 *
 * @access	public
 * @param	string
 * @return	string
 */	
if ( ! function_exists('strip_image_tags'))
{
	function strip_image_tags($str)
	{
		$str = preg_replace("#<img\s+.*?src\s*=\s*[\"'](.+?)[\"'].*?\>#", "\\1", $str);
		$str = preg_replace("#<img\s+.*?src\s*=\s*(.+?).*?\>#", "\\1", $str);
			
		return $str;
	}
}

/**
 * Convert PHP tags to entities
 *
 * @access	public
 * @param	string
 * @return	string
 */	
if ( ! function_exists('encode_php_tags'))
{
	function encode_php_tags($str)
	{
		return str_replace(array('<?php', '<?PHP', '<?', '?>'),  array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $str);
	}
}
?>